cbcvebase.

Jdownloads vulnerabilities

6 known vulnerabilities affecting jdownloads/jdownloads.

Total CVEs
6
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2018-10068P3MEDIUMCVSS 6.1PoCfixed in 3.2.592018-04-12
CVE-2018-10068 [MEDIUM] CWE-79 CVE-2018-10068: The jDownloads extension before 3.2.59 for Joomla! has XSS. The jDownloads extension before 3.2.59 for Joomla! has XSS.
nvd
CVE-2020-19450P3HIGHCVSS 7.5v3.2.632020-09-25
CVE-2020-19450 [HIGH] CWE-89 CVE-2020-19450: SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdown SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter.
nvd
CVE-2020-19455P3HIGHCVSS 7.5v3.2.632020-09-25
CVE-2020-19455 [HIGH] CWE-89 CVE-2020-19455: SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/he SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter.
nvd
CVE-2020-19447P3HIGHCVSS 7.5v3.2.632020-09-24
CVE-2020-19447 [HIGH] CWE-89 CVE-2020-19447: SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php v SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter.
nvd
CVE-2020-19451P3HIGHCVSS 7.5v3.2.632020-09-25
CVE-2020-19451 [HIGH] CWE-89 CVE-2020-19451: SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdown SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter.
nvd
CVE-2022-27909P4MEDIUMCVSS 4.3v3.9.8.2v<=3.9.8.22022-05-06
CVE-2022-27909 [MEDIUM] CVE-2022-27909: In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can change some parameters in the ad In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can change some parameters in the address bar and see the names of other users' files
nvd
Jdownloads vulnerabilities | cvebase